Today, I received an email from one of my coworkers (yes, even careful employees of security vendors are in danger:) ). This email has more recipients and contains only one link, without any text or subject.
Fortunately, I am a really paranoid person about emails containing only a link to an unknown site. At this link, you can notice two really suspicious things: The directory is images and there's a file called yahoo12.php. That should warn users to avoid clicking on this link.
The site mentioned in the email contains only simple script with redirection:
As you can see, the final destination is the site newsmarketgen4online.com. This site was created on 2013 01 19. This site is hosted at 188.8.131.52 and we can see more suspicious new created domains at this IP address.
In our database we found the list of new sites used for spreading spam job offers and not only fake news servers were used but many fake diet sites too.
Fortunately, when users reach the final page there is no hidden malware but an "amazing" job offer.
At first, we noticed the site's owners use social engineering to convince users. In the headline is a variable town name that changes depending on a visitor's geo-IP.
To 'prove' the legitimacy of earning money, they show an sample transaction list and bank check:
This offer is a high-paid part-time job from home. Everything you need requires that you register there with your name, phone number, and email address. Then, just register one more time to the 'members zone' and pay only $99,95 for Work at Home Digital (with an alleged value of $997) and, as a bonus, you can buy some secret knowledge for funny prices starting at $97 and start "earning" HUGE money.
Many articles and blog posts have been written about email spam and scam job offers, but sometimes it is really hard to decide if a site is legitimate or it is a scam offer. And people wouldn't keep making these scams if they did not work on a significant percentage of the population.
To avoid being scammed it's good to follow some safe steps. I found an informative article at http://jobsearch.about.com/od/jobsearchscams/qt/howtotellscam.htm where the author gives good advice to readers on how to recognize scam job offers, as well as using Google to find information about the company, website, and its authors. Check scam lists and be careful -- or even a bit paranoid -- especially when somebody asks you to pay money to get a job.